Article

Section

Breadcrumbs

Emergency Response and Recovery

Determining which organizations should be involved and the roles they will play has proven challenging at all levels of government for nontraditional catastrophic emergencies such as a cyber attack. Emergency managers often have a difficult time understanding the technical nature of a cyber attack and how that fits in an emergency response while still developing decision-making processes that are true to an all-hazards approach. Below are emergency management resources to assist in planning and responding to a cyber attack.

Cyber Emergency vs Incident

The State of Indiana defines a cyber emergency as any actual, imminent, or potential incident that will adversely affect public health, safety, or security; the environment; or economic prosperity on a level materially significant to the State of Indiana or its operations that requires a coordinated state response.

The State of Indiana defines a cyber incident as it is described in the Presidential Policy Directive 41, which is “an event occurring on or conducted through a computer network that actually or imminently jeopardizes the confidentiality, integrity, or availability of computers, information or communications systems or networks, physical, or virtual infrastructure controlled by computers or information systems, or information resident thereon.”

Ready.gov
Ready.gov is a national public service campaign designed to educate and empower the American people to prepare for, respond to, and mitigate emergencies, including cybersecurity.

US DHS Cybersecurity & Infrastructure Security Agency (CISA) Cyber Resilience Review (CRR)
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.